Open Services for Lifecycle Collaboration (OSLC) Server
Open Services for Lifecycle Collaboration (OSLC) services are used to simplify integration across the lifecycle management tools. Windchill supports the OSLC specification by default and enable the OSLC clients to use these services to integrate with Windchill.
The Windchill OSLC APIs allow OSLC clients to query and link to Windchill parts based on the OSLC specifications. Windchill supports the following OSLC specifications:
• Core 3.0
The Windchill OSLC Services are responsible for mapping Windchill objects to a corresponding OSLC resource and provide the response for these resources in the requested format. Following are the supported formats:
• rdf+xml (Default)
• text/turtle
 |
The Windchill OSLC Services can be used only by OSLC clients; non-OSLC clients must use the Windchill (OData) Rest Services (WRS).
|
OSLC Catalog
The OSLC Catalog can be accessed at http(s)://<server>:<port>/Windchill/oslc/catalog for more information on all available services, resources and terminology.
Configuring OAuth Authorization
The default authorization for the Windchill OSLC Services is basic authorization. An additional configuration step is required to enable OAuth authorization.
See Configure OAuth Delegated Authorization for steps to configure Windchill to use OAuth. After Windchill OAuth is configured, set the following Windchill properties:
|
Property Name
|
Description
|
|---|---|
|
oslc.authorizationURI
|
URI for obtaining OAuth authorization
|
|
oslc.oauthAccessTokenURI
|
URI for obtaining OAuth access token
|
|
oslc.oauthRequestTokenURI
|
URI for obtaining OAuth request token
|
When the OSLC OAuth properties are configured, the Windchill OSLC Catalog includes the OAuthConfiguration property, which allows OSLC clients to discover that they should use OAuth authorization.
|
|
When you use OAuth authorization, make sure all requests to OSLC endpoints are prefixed with the configured SpringSecurityFilterChain url pattern. For example, if SpringSecurityFilterChain is configured with the /oauth/* url pattern, all OSLC endpoints must have the /oauth/oslc/* url pattern.
|
Configuration Required after Windchill Update
To enable the Windchill OSLC Services after updating from a previous version of Windchill, perform the following steps:
1. Add the following entry to %WT_HOME%/codebase/WEB_INF/web.xml
<servlet-mapping>
<servlet-name>OSLCServlet</servlet-name>
<url-pattern>/oslc/*</url-pattern>
</servlet-mapping>
<servlet-name>OSLCServlet</servlet-name>
<url-pattern>/oslc/*</url-pattern>
</servlet-mapping>
2. To add the OSLC path to the Apache configuration, add the following entry to HTTPServer/conf/conf.d/30-app-Windchill-AJP.conf
JkMount /Windchill/oslc/* ajpWorker
3. To configure the OSLC catalog for anonymous access in the Apache configuration, add the following entry to HTTPServer/conf/conf.d/30-app-Windchill-Auth.conf
<LocationMatch ^/+Windchill/+oslc/catalog(;.*)?>
Require all granted
</LocationMatch>
Require all granted
</LocationMatch>
Configuration for Content Security Policy
To allow client sites from other sites to view OSLC previews, update the web.xml file to include the following OSLC Content Security servlet filter configurations:
<filter>
<filter-name>OSLCContentSecurityFilter</filter-name>
<description>Servlet request filter to set the Content Security Policy for previews</description>
<filter-class>com.ptc.oslc.windchill.filter.OSLCHttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>allowedOrigins</param-name>
<param-value>https://site1.domain.com,https://site2.domain.com </param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>OSLCContentSecurityFilter</filter-name>
<url-pattern>/oslc/*</url-pattern>
</filter-mapping>
<filter-name>OSLCContentSecurityFilter</filter-name>
<description>Servlet request filter to set the Content Security Policy for previews</description>
<filter-class>com.ptc.oslc.windchill.filter.OSLCHttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>allowedOrigins</param-name>
<param-value>https://site1.domain.com,https://site2.domain.com </param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>OSLCContentSecurityFilter</filter-name>
<url-pattern>/oslc/*</url-pattern>
</filter-mapping>
Configuration for Cross-Origin Resource Sharing (CORS) for OSLC
 |
For a more secure configuration, use the CORS filter for a cross-domain OSLC configuration only.
|
 |
When configuring Windchill to share OSLC resources with other PTC OSLC client applications, install these applications locally in the same domain.
|
To allow client sites from other sites to view OSLC services, update the web.xml file to include the following servlet filter configurations:
<filter>
<filter-name>ContentCorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>[ALLOWED_ORIGINS]</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,OPTIONS</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>ContentCorsFilter</filter-name>
<url-pattern>/oslc/preview/*</url-pattern>
<url-pattern>/oslc/config/*</url-pattern>
</filter-mapping>
<filter-name>ContentCorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>[ALLOWED_ORIGINS]</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,OPTIONS</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>ContentCorsFilter</filter-name>
<url-pattern>/oslc/preview/*</url-pattern>
<url-pattern>/oslc/config/*</url-pattern>
</filter-mapping>
Configuring Embedded Servlet Engine to Frame Windchill Previews for a Cross-Site Deployment
When Windchill is integrated with an external OSLC server such as Codebeamer and both are deployed cross-site, Embedded Servlet Engine (based on Tomcat) must be configured to support framing of Windchill previews in the integrated OSLC server. A cross-site deployment refers to servers that are deployed to different top-level internet domains, such as windchill.foo.com and codebeamer.bar.com.
|
|
This configuration is necessary to ensure compatibility with newer browser versions.
|
To configure Embedded Servlet Engine (based on Tomcat), set the following properties in the wt.properties file using the xconfmanager utility.
|
Property
|
Description
|
|---|---|
|
wt.authCookieName
|
Name of the authentication cookie.
|
|
wt.authCookieNameRegexp
|
Regular expression matching name of the authentication cookie.
For example: _shibsession_.*
To locate the authentication cookie, login to the Windchill and go to > > in the browser.
|
|
|
Ensure that the cookie is not stripped or omitted by the authenticating web server or proxy, but passed down to the Embedded Servlet Engine.
|